How to set up and maintain a VPN

Steps to get the best from a virtual private network

With many small businesses now depending on mobile workforces, it's vital to ensure that they can connect securely to their central office server. A virtual private network (VPN) can provide the solution, but must be set up correctly to ensure that it does the job effectively.

A VPN provides a secure method of connecting a remote computer or other device to a server. Given that a lot of the information accessed by a workforce can be highly sensitive or have a commercial value, using an ordinary internet connection – often a public Wi-Fi hotspot – is simply not sufficiently secure for business without a VPN.

A VPN enables two computers to connect securely to each other, using special protocols to establish a temporary bridge between them. The data that travels over the bridge is encrypted and, while the address of the recipient is in view so the data can be delivered, the content of the message is completely hidden.

Secure access

Businesses often use VPNs to connect servers in different offices, which can give their employees seamless secure access to the files and other assets (such as printers) they need to do their jobs.

Before setting up a VPN, the type of network protocol has to be chosen. There are four to consider:

SSL (Secure Socket Layer) - This will be familiar if you shop or bank online. For very small businesses, SSL is ideal as the VPN is set up via an internet browser.

Open VPN - If cost is an issue, this VPN is based on open source SSL code but, as its name suggests, the code can be seen – and potentially hacked – by anyone.

PPTP (Point-to-Point Tunnelling Protocol) - This is the latest type of VPN. It is supported natively by Windows, Mac OS X and mobile operating systems, which makes it ideal in the brave new world of 'bring your own device' in which personal data devices need to be secured.

IPsec (Internet Protocol Security) and L2TP (Layer 2 Tunnelling Protocol) - These VPNs are inherently more secure than PPTP for instance, but are more complex to set up.

If you just need to set up a VPN quickly and are using Windows 8, the operating system has a wizard that walks you through the process. You will need the IP address or the domain name of the computer or server you want to connect to, but note that Windows only supports PPTP and L2TP/IPsec protocols.

If you choose to use PPTP, you must ensure the network router is set to forward VPN traffic – the instructions for which should be in the router's manual.

In addition, static IP addresses must be used for a VPN to operate effectively. Some businesses will use dynamic internet connections, which require a new VPN to be established each time any computers or other devices want to make a secure connection. This isn't ideal and certainly not very efficient for employees working away from their main offices.

There are also a number of third party VPN applications that use proprietary protocols to make the secure connection between each computer. Examples include TeamViewer, Gbridge and Comodo Unite.

Trefor Davies, Chief Technology Office of communications services provider Timico, also advises: "Firstly, your office firewall needs to be able to support VPN. Then you need to have good anti-virus software running on this firewall. This will protect your network from infections picked up in external environments that may not be as secure from malware."

He also points out: "If you are running off broadband then the downlink speed is normally much faster than the uplink. Ordinarily this is fine as most people do more downloading than uploading. However, when running external connections over a VPN, the users are downloading from the far end and thus consuming your uplink bandwidth.

"You therefore need to decide how good the user experience needs to be over the VPN and for how many simultaneous users."

Access to cloud services is also an increasingly important issue for most businesses. Steve Roberts, Service Development Manager at business communications provider Vtesse Networks says that until recently many cloud consumers have used the public internet to access public cloud services.

"However," he adds, "with the advent of technologies such as Amazon Direct Connect, cloud services can be accessed using a secure dedicated connection from a corporate VPN directly into the cloud. This overcomes the normal security, reliability and performance issues associated with the internet."

Best practice steps

In addition to the choices above, there are a number of steps you can take to ensure that you get the best out of a VPN.

Firstly, perform a data audit to assess the VPN features needed. It is important to understand who will connect with each other using a VPN, and what kind of data they will exchange. This will guide your business to the right VPN protocol to use.

Secondly, ask yourself what kind of internet connection your business has at the moment.

VPNs can easily use large quantities of bandwidth, so ensure your business's connection can cope with this additional traffic. Also, don't forget that you'll need a static IP address to avoid the need to set up a new VPN each time a connection is needed.

Thirdly, the maintenance of a VPN, with a special focus on its security features, is vital. Anti-virus software should be in place and up-to-date.

Next, if you want to allow staff to have access from public Wi-Fi connections, there are a number of applications that can support the operation and keep it secure. These include HotSpot VPN, HotspotShield and WiTopia.

Finally, ensure that any VPN client is secure. A VPN will use its own client to make the connection to another device or server, and the user ID and password will be stored on these devices, which of course could be stolen.

Use a personal firewall or a password on the computer's basic input/output system, to prevent unauthorised personnel using the VPN client if the device is stolen.